Lucene search

[email protected]CVE-2006-6805

HistoryDec 28, 2006 - 9:28 p.m.

CVE-2006-6805

2006-12-2821:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6805

sql injection

enthrallweb ejobs

newsdetail.asp

vulnerability

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.4%

JSON

SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CPENameOperatorVersion
enthrallweb:ejobsenthrallweb ejobseq*

CPE	Name	Operator	Version
enthrallweb:ejobs	enthrallweb ejobs	eq	*

References

secunia.com/advisories/23520

www.vupen.com/english/advisories/2006/5157

www.exploit-db.com/exploits/2988

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.4%

JSON